Vehicular ad hoc networks (VANETs) are considered a milestone in improving the safety and efficiency of transportation. Nevertheless, when information from vehicular communications is combined with data from the cloud, it also introduces privacy risks by making it easier to track the physical location of vehicles. For this reason, to guarantee the proper performance of a VANET it is essential to protect the service against malicious users aiming at disrupting the proper operation of the network. Current research usually defines a traditional identity-based authentication for nodes, which are loaded with individual credentials. However, the use of these credentials in VANETs without any security mechanism enables vehicle tracking and therefore violates users' privacy, a risk that may be overcome by means of appropriate anonymity schemes. This comes at a cost, however: either complete anonymity prevents VANET centralized authorities from identifying malicious users and revoking them from the network, or nodes must give up complete anonymity in front of the CA so that their revocation remains possible. In this paper, we describe a novel revocation scheme that is able to track and revoke specific malicious users only after a number of complaints have been received, while otherwise guaranteeing nodes' k-anonymity. The proper performance of these mechanisms has been widely evaluated with the NS-2 simulator and with an analytical model validated with scripts. The results show that the presented work is a promising approach to increasing privacy protection while allowing revocation at little extra cost.

In this paper we describe a method for transmitting H.264/AVC encoded video. The data transfer adapts to network performance in order to ensure continuous transmission. The data transfer between server and client terminals is performed over TCP sockets. The original video is encoded in H.264/AVC at different bitrate levels using the GStreamer library. Each encoded video is then segmented at GOP level. The purpose of segmenting the video is to facilitate switching between different video qualities, adapting the bitrate to the variable network capacity by means of a control mechanism on the server side. Segmenting the encoded video has the advantages of scaling the digital video service and making maximum use of network resources.

One of the main threats to body sensor networks (BSNs) is Denial of Service attacks that disrupt the communications used to transmit patients' health data. The application of cognitive radio (CR) technology to BSNs can mitigate such a threat and improve network availability, by allowing network nodes to cooperatively agree on a new radio channel whenever the quality of the channel in use decreases. However, the cooperative spectrum sensing mechanisms used by CRs should also be protected to prevent an attacker from predicting the new channel of operation. In this work, we present a lightweight and robust mechanism that appropriately secures the channel selection process while minimizing resource consumption, thus being suited to resource-constrained devices such as body sensor nodes. The proposed method has been analyzed in terms of energy consumption and transmission overhead, and it has been shown to outperform existing cryptographic approaches.

In this chapter, we describe how nodes in the Internet of Things can configure themselves automatically and offer personalized services to users while protecting their privacy. We show how privacy protection can be achieved by means of a use case. We describe DocCloud, a recommender system where users get content recommended by other users based on their personal affinities. To do this, their things connect together based on the affinities of their owners, creating a social network of similar things, and then provide the recommender system on top of this network. We present the architecture of DocCloud and analyze the security mechanisms that the system includes. Specifically, we study the properties of plausible deniability and anonymity of the recommenders and intermediate nodes. In this way, nodes can recommend products to customers while denying any knowledge of the product they are recommending or of their participation in the recommendation process.

In recent times we are witnessing the emergence of a wide variety of information systems that tailor the information-exchange functionality to meet the specific interests of their users. Most of these personalized information systems capitalize on, or lend themselves to, the construction of user profiles, either directly declared by a user, or inferred from past activity. The ability of these systems to profile users is therefore what enables such intelligent functionality, but at the same time, it is the source of serious privacy concerns. The purpose of this paper is twofold. First, we survey the state of the art in privacy-enhancing technologies for applications where personalization comes in. In particular, we examine the assumptions upon which such technologies build, and then classify them into five broad categories, namely, basic anti-tracking technologies, cryptography-based methods from private information retrieval, approaches relying on trusted third parties, collaborative mechanisms and data-perturbative techniques. Secondly, we review several approaches for evaluating the effectiveness of those technologies. Specifically, our study of privacy metrics explores the measurement of the privacy of user profiles in the still emergent field of personalized information systems.

Recommender systems select the most interesting products for customers based on their interests. Moving a recommender system to a cloud faces many challenges from the perspective of the protection of the participants. Little work has been done regarding secure recommender systems or how to cope with the legal liability of the cloud provider and of any virtual machine inside the cloud.
We propose DocCloud, a recommender system that focuses on the protection of all participants against legal attacks. We present the architecture of DocCloud and analyze the security mechanisms that the system includes. Specifically, we study the properties of plausible deniability and anonymity of the recommenders and intermediate nodes. This way, nodes can recommend products to customers while denying any knowledge of the product they are recommending or of their participation in the recommendation process.

A key aspect in the design of smart cities is, undoubtedly, a plan for the efficient management of utilities, enabled by technologies such as those entailing smart metering of the residential consumption of electricity, water or gas. While one cannot object to the appealing advantages of smart metering, the privacy risks posed by the submission of frequent, data-rich measurements cannot simply remain overlooked. The objective of this paper is to provide a general perspective on the contrasting issues of privacy and efficient utility management, by surveying the main requirements and tools, and by establishing exploitable connections. Copyright (c) 2013 John Wiley & Sons, Ltd.

The use of WiMAX cellular networks has arisen as a promising solution for providing broadband access over large, often shadowed, areas. As in other cellular networks, localization of users is extremely useful for many services and even essential for some civilian and/or military logistic operations. In a cellular WiMAX network, a node can obtain its position from beacons received from several cell base stations. Therefore, securing the localization method against potentially false or erroneous feedback is of paramount importance in order to allow nodes to obtain reliable position estimates. This implies not only making the localization method robust against erroneous or forged measurements, but also identifying which WiMAX base stations are providing such measurements. In this paper, we propose a robust localization method that can identify up to k malicious or misbehaving base stations and provide an accurate estimate of the node position even in their presence. Simulation results show that this proposal outperforms other existing detection techniques.

Vehicular Ad Hoc Networks (VANETs) require mechanisms to authenticate messages, identify valid vehicles, and remove misbehaving vehicles. A public key infrastructure (PKI) can be used to provide these functionalities using digital certificates. However, if a vehicle is no longer trusted, its certificates have to be revoked and this status information has to be made available to other vehicles as soon as possible. In this paper, we propose a collaborative certificate status checking mechanism called COACH to efficiently distribute certificate revocation information in VANETs. In COACH, we embed a hash tree in each standard Certificate Revocation List (CRL). This dual structure is called extended-CRL. A node possessing an extended-CRL can respond to certificate status requests without having to send the complete CRL. Instead, the node can send a short response (less than 1 kB) that fits in a single UDP message. Obviously, the substructures included in the short responses are authenticated. This means that any node possessing an extended-CRL can produce short responses that can be authenticated (including Road Side Units or intermediate vehicles). We also propose an extension to the COACH mechanism called EvCOACH that is more efficient than COACH in scenarios with relatively low revocation rates per CRL validity period. To build EvCOACH, we embed an additional hash chain in the extended-CRL. Finally, by conducting a detailed performance evaluation, COACH and EvCOACH are proved to be reliable, efficient, and scalable.

Personal Health Systems (PHS) allow moving the point of care from hospitals to the patient's home. Moreover, a PHS usually handles much more information and provides more appropriate diagnostics and personalized treatments to individuals. In this paper, we present the objectives, structure and expected innovations of the TAMESIS project. TAMESIS aims to contribute to advancing the state of the art of some of the technologies needed for the development of Personal Health Systems. Specifically, we propose techniques for preventing denial of service, sensor node malfunctioning and traffic injection. In addition, we explore a protocol that makes use of mobile agents for the exchange of medical records between networked databases. As a novel aspect, the protocol will support not only bilateral agreements, already existing in the literature, but also multilateral agreements. Regarding clinical data, it is critical to preserve the privacy and intimacy of patients. Thus, the data, both when collected and when exchanged, should be processed so as to avoid leakage of information that is not strictly necessary for the parties to fulfill their task correctly. A privacy metric suitable for PHS, and the incorporation of the mechanisms needed for privacy and intimacy, are also key objectives of this project. Finally, usability aspects of all the system interfaces will be considered.

Nowadays, the great diffusion of advanced devices, such as smart-phones, has shown that there is a growing trend to rely on new technologies to generate and/or support progress; society is clearly ready to trust in next-generation communication systems to face today's economic and social concerns. The reason for this sociological change is that these technologies have been opened to all users, even those without specific knowledge in the field, and therefore the introduction of new user-friendly applications now appears as a business opportunity and a key factor for increasing the general cohesion among all citizens. Among the actors of this technological evolution, wireless machine-to-machine (M2M) networks are becoming of great importance. These wireless networks are made up of interconnected low-power devices that are able to provide a great variety of services with little or even no user intervention. Examples of these services are fleet management, fire detection, utilities consumption (water and energy distribution, etc.) or patient monitoring. However, since any arising technology comes together with security threats that have to be faced, further studies are necessary to secure wireless M2M technology. In this context, the main threats are those related to attacks on service availability and on the privacy of both the subscribers' and the service providers' data. Taking into account the often limited hardware resources of M2M devices, ensuring the availability and privacy requirements across the range of M2M applications while minimizing the waste of valuable resources is even more challenging.
Based on the above facts, this Ph.D. thesis aims at providing efficient security solutions for wireless M2M networks that effectively reduce the energy consumption of the network without affecting the overall security services of the system. With this goal, we first propose a coherent taxonomy of M2M networks that allows us to identify which security topics deserve special attention and which entities or specific services are particularly threatened. Second, we define an efficient secure data aggregation scheme that is able to increase the network lifetime by optimizing the energy consumption of the devices. Third, we propose a novel physical authenticator or frame checker that minimizes the communication costs in wireless channels and successfully withstands exhaustion attacks.
Fourth, we study specific aspects of typical key management schemes to provide a novel protocol that ensures the distribution of secret keys for all the cryptographic methods used in this system. Fifth, we describe the collaboration with the WAVE2M community in order to define a proper frame format actually able to support the necessary security services, including the ones that we have already proposed; WAVE2M was founded to promote the global use of an emerging wireless communication technology for ultra-low-power and long-range services. And finally, sixth, we provide an accurate analysis of privacy solutions that actually fit the requirements of M2M-network services. All the analyses along this thesis are corroborated by simulations that confirm significant improvements in terms of efficiency while supporting the necessary security requirements for M2M networks.

Machine-to-machine networks are spreading over every sector of our society due to their self-organisation capabilities. In these networks, thousands of devices are left unattended for years of operation without the possibility of human intervention. In this sense, every step forward in avoiding early exhaustion of the network nodes is of paramount importance. We have introduced a novel authentication scheme that is able to discard non-intended and/or non-legitimate packets right after the reception of the physical preamble. This proposal was shown to yield enormous energy savings with regard to both node exhaustion attacks and normal network operation. In this paper, we extend that work with a novel synchronisation protocol that addresses previous desynchronisation issues. Besides, we analyse and propose the most appropriate deployment parameters that maximise the overall energy savings. We also detail the necessary key generation and key updating processes required to manage the keying material in use. Moreover, we show how to fit the proposed mechanism into the IEEE 802.15.4e amendment to the IEEE 802.15.4-2006 standard, as many companies have decided to adopt this technology for the development of machine-to-machine networks.

Security issues are gaining in importance for machine-to-machine (M2M) networks, mainly because thousands of devices are left unattended for years of operation without the possibility of human intervention. One of the most critical security issues is the prevention of denial of service (DoS) attacks, given the limited capabilities of the M2M devices and the wireless communication settings. To this end, we had earlier introduced a novel recursive PHY-Layer security scheme which was shown to yield enormous benefits with regards to DoS attacks [1]. Recognizing the importance of the thus required synchronization window and the possibility of desynchronization because of poor channel conditions, we introduce a novel synchronization process...

One of the hardest tasks of a public key infrastructure (PKI) is to manage revocation. New communication paradigms push the revocation system to the limit and an accurate resource assessment is necessary before implementing a particular revocation distribution system. In this context, a precise modeling of certificate revocation is necessary. In this article, we analyze empirical data from real CAs to develop an accurate and rigorous model for certificate revocation. One of the key findings of our analysis is that the certificate revocation process is statistically self-similar. The proposed model is based on an autoregressive fractionally integrated moving average (ARFIMA) process. Then, using this model, we show how to build a synthetic revocation generator that can be used in simulations for resource assessment. Finally, we also show that our model produces synthetic revocation traces that are indistinguishable for practical purposes from those corresponding to actual revocations.

The success and intensive use of social networks makes strategies for efficient document location a hot topic of research. In this paper, we propose a common vector space to describe documents and users to create a social network based on affinities, and explore epidemic routing to recommend documents according to the user's interests. Furthermore, we propose the creation of a SoftDHT structure to improve the recommendation results. Using these mechanisms, an efficient document recommender system with a fast organization of clusters of users based on their affinity can be provided, preventing the creation of unlinked communities. We show through simulations that the proposed system has a short convergence time and presents a high recall ratio.

The increasing emergence of wireless applications along with the static spectrum allocation followed by regulatory bodies has led to a high inefficiency in spectrum usage, and the lack of spectrum for new services. In this context, Cognitive Radio (CR) technology has been proposed as a possible solution to reuse the spectrum being underutilized by licensed services.
CRs are intelligent devices capable of sensing the medium and identifying those portions of the spectrum that are unused. Based on their current perception of the environment and on what they have learned from past experience, they can optimally tune themselves with regard to parameters such as frequency, coding and modulation, among others. Due to such properties, Cognitive Radio Networks (CRNs) can act as secondary users of the spectrum left unused by its legal owners or primary users, under the requirement of not interfering with primary communications.
The successful deployment of these networks relies on the proper design of mechanisms to efficiently detect spectrum holes, adapt to changing environment conditions and manage the available spectrum. Furthermore, the need for addressing security issues is evidenced by two facts. First, as for any other type of wireless network, the air is used as the communications medium and can easily be accessed by attackers. Second, the particular attributes of CRNs offer new opportunities to malicious users, ranging from providing wrong information on the radio environment to disrupting the cognitive mechanisms, which could severely undermine the operation of these networks.
In this Ph.D. thesis we have approached the challenge of securing Cognitive Radio Networks. Because CR technology is still evolving, achieving this goal involves not only providing countermeasures for existing attacks but also identifying new potential threats and evaluating their impact on CRN performance.
The main contributions of this thesis can be summarized as follows. First, a critical study of the state of the art in this area is presented. A qualitative analysis of those threats to CRNs already identified in the literature is provided, and the efficacy of existing countermeasures is discussed. Based on this work, a set of guidelines is derived for designing a detection system for the main threats to CRNs. Besides, a high-level description of the components of this system is provided, which constitutes the second contribution of this thesis.
The third contribution is the proposal of a new cross-layer attack on the Transmission Control Protocol (TCP) in CRNs. An analytical model of the impact of this attack on the throughput of TCP connections is derived, and a set of countermeasures to detect and mitigate the effect of such an attack is proposed.
One of the main threats to CRNs is the Primary User Emulation (PUE) attack. This attack prevents CRNs from using available portions of the spectrum and can even lead to a Denial of Service (DoS). In the fourth contribution of this thesis, a method is proposed to deal with such an attack. The method relies on a set of time measurements provided by the members of the network and allows estimating the position of an emitter. This estimate is then used to determine the legitimacy of a given transmission and detect PUE attacks.
Cooperative methods are prone to be disrupted by malicious nodes reporting false data. This problem is addressed, in the context of cooperative location, in the fifth and last contribution of this thesis. A method based on Least Median Squares (LMS) fitting is proposed in order to detect forged measures and make the location process robust to them.
The efficiency and accuracy of the proposed methodologies are demonstrated by means of simulation.

Cognitive radio networks (CRNs) can improve the utilization of the spectrum by making use of licensed spectrum in an opportunistic manner. For this purpose, coexistence mechanisms between CRN nodes (secondary users) and the legitimate users of the spectrum (primary users) are defined. However, due to the particular features of CRNs, new security threats arise, such as the primary user emulation (PUE) attack, which is the most challenging of them. With the aim of detecting such attacks, in this paper we propose a cooperative localization method specifically suited to CRNs which relies on TDoA measurements and Taylor-series estimation. Simulation results show the effectiveness of the proposed method and its suitability to typical CRN scenarios.

Wireless sensor networks (WSNs) are made up of large groups of nodes that perform distributed monitoring services. Since sensor measurements are often sensitive data acquired in hostile environments, securing WSNs becomes mandatory. However, WSNs consist of low-end devices and frequently preclude the presence of a centralized security manager. Therefore, achieving security is even more challenging. State-of-the-art proposals rely on: (1) attended and centralized security systems; or (2) establishing initial keys without taking into account how to efficiently manage rekeying. In this paper we present a scalable group key management proposal for unattended WSNs that is designed to reduce the rekeying cost when the group membership changes.

Whilst security is generally perceived as an important constituent of communication systems, this paper offers a viable security-communication tradeoff particularly tailored to Advanced Metering Infrastructures (AMIs) in Smart Grid systems. These systems, often composed of embedded nodes with highly constrained resources, require e.g. metering data to be delivered efficiently whilst jeopardizing neither communication nor security. Data aggregation is a natural choice in such settings, where the challenge is to facilitate per-hop as well as end-to-end security. The prime contribution of this paper is to propose a secure aggregation protocol that meets the requirements of Smart Grids, and to analyze its efficiency considering various system configurations as well as the impact of the wireless channel through packet error rates. Relying on analysis and corroborative simulations, unprecedented design guidelines are derived which determine the operational point beyond which aggregation is useful, as well as quantifying the superiority of our protocol w.r.t. non-aggregated solutions.

Cognitive Radio (CR) technology constitutes a new paradigm where wireless devices can access the spectrum left unused by licensed or primary users in an opportunistic way. This feature opens the door to a major new threat: the Primary User Emulation (PUE) attack, in which a malicious user transmits a fake primary signal, preventing a Cognitive Radio Network (CRN) from using the available spectrum. Cooperative location of a primary source can be a valuable tool for distinguishing between a legitimate transmission and a PUE attack whenever the position of primary users is known, as is the case for TV towers in the IEEE 802.22 standard. However, the location process can be undermined by false data provided by malicious or faulty nodes. In this paper, we analyze the effect of forged reports on the location process of a given emitter and provide a set of countermeasures to make it robust to undesired behaviors.

Cognitive Radio Networks (CRNs) arise as a promising solution to the scarcity of spectrum. By means of cooperation and smart decisions influenced by previous knowledge, CRNs are able to detect and profit from the best spectrum opportunities without interfering with primary licensed users. However, besides the well-known attacks on wireless networks, new attacks threaten this type of network. In this paper we analyze these threats and propose a set of intrusion detection modules targeted at detecting them. The proposed method allows a CRN to identify attack sources and types of attacks, and to properly react against them.

The vision of connecting a large number of objects on this planet to improve well-being and safety is slowly taking shape. Preceded by a decade-long era of research on low-power, low-rate, short-range wireless sensor networks, first proprietary and later standards-compliant embedded technologies have successfully been put forward. Cellular machine-to-machine (M2M) is taking this technology to the next step, where communication ranges are significantly extended by relying on cellular infrastructure. This position paper discusses these emerging paradigms and highlights how cooperative as well as security requirements are core to their designs.

Cognitive radio is a promising technology aiming to improve the utilization of the radio electromagnetic spectrum. A cognitive radio is a smart device which runs radio application software to perform signal processing. The use of this software enables the device to sense and understand its environment and actively change its mode of operation based on its observations. Unfortunately, this solution entails new security challenges. In this paper, we present a cross-layer attack on TCP connections in cognitive radio networks, analyze its impact on TCP throughput via an analytical model and simulation, and propose potential countermeasures to mitigate it.